Multi-tab Website Fingerprinting Attack And Defense Technology In Tor

As the most popular anonymous communication system,Tor can effectively hide the identity information of client and server.Since it is difficult to track and locate both parties in communication,various anonymous abuse problems emerge in the Tor network endlessly.Hidden services are also used to build darknet full of various illegal activities,causing serious harm to society.In order to ensure the effectiveness of network supervision,deanonymization attack techniques represented by website fingerprinting attacks came into being.Website fingerprinting attack enables a local eavesdropper to determine which website a user is visiting by observing the time,direction,size of website packets.Website fingerprinting attack ensures the effectiveness of anonymous network website tracking and can provide support for the purification of cyberspace security.Aiming at the limitations of strong single-page scenarios in traditional website fingerprinting attacks,this thesis proposes a multi-tab page website fingerprinting attack technology based on deep learning.Aiming at the shortcomings of the current website fingerprint defense system,this thesis proposes a website fingerprinting defense technology based on application layer randomization.(1)A fingerprinting attack technique based on the parallel combination of CNN and LSTM for multi-tab websites is proposed.In the multi-tab page scenario,traditional website fingerprinting attacks usually fail.This article summarizes the reasons for the failure of traditional website fingerprint attack methods,and builds a multi-tab website fingerprint attack model based on the parallel combination of CNN and LSTM.The model uses a deep CNN module to extract the spatial characteristics of incomplete packet sequence fingerprinting,and uses LSTM module that is good at processing time series to extract the time characteristics of incomplete packet sequence fingerprinting.After feature fusion,a multi-layer fully connected classification module is used to achieve multiple website fingerprinting attack in multi-tab scene.The experimental results on correct segmentation,wrong segmentation and real segmentation prove that the fingerprinting attack model is still effective in multi-tab scenario.The accuracy of the model in the first 8 seconds of the sequence is more than 88%.In the case of real segmentation,the attack accuracy is more than 80%,and the attack effect is better than the most mainstream attack model.In the scene of wrong segmentation,the accuracy of the attack model proposed in this thesis does not decrease but increases,and has strong anti noise ability.In response to mainstream defense systems,this model can still provide better performance resistance protection.(2)A website fingerprinting defense technology based on application layer randomization is proposed.The past website fingerprint defense technology or defense effect was poor,or expensive,or difficult to deploy.Inspired by CDN network,the defense deploys embedded resource objects such as JS and CSS files on the HTTP server of Tor node,and updates,maintains and modifies the resource location regularly.Users visit the website and request resources randomly from different Tor nodes in parallel through multiple circuits,so that the traffic generated by each visit to the same website is different.This thesis discusses different randomized defense strategies from three aspects: client request mode,the number of multiple circuits used,and the proportion of embedded resources,determines the optimal defense parameters,and requests multiple HTML texts of other websites at the initial stage of visiting the website to enhance the defense.Finally,through experimental analysis and comparison,the proposed defense system can reduce the accuracy of the website fingerprinting attacks from 98% to 40% with 13% data overhead and 31% latency overhead,which is equivalent to the current best defense effect and easy to deploy.